From 2744c31b7535fa86448e9b71e04127238c796d00 Mon Sep 17 00:00:00 2001 From: Nicolas Bertrand Date: Mon, 4 Dec 2023 18:22:22 +0100 Subject: [PATCH 1/7] Partitioned Bis --- README.md | 1 + lib/cookie.js | 4 +++- package.json | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 30b78a2..3a189bd 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,7 @@ The options object is used to generate the `Set-Cookie` header of the session co * `expires` - The expiration `date` used for the `Expires` attribute. If both `expires` and `maxAge` are set, then `maxAge` is used. * `sameSite`- The `boolean` or `string` of the `SameSite` attribute. Using `Secure` mode with `auto` attribute will change the behavior of the `SameSite` attribute in `http` mode. The `SameSite` attribute will automatically be set to `Lax` with an `http` request. See this [link](https://www.chromium.org/updates/same-site). * `domain` - The `Domain` attribute. +* `partitioned`- The `boolean` value of the `Partitioned` attribute. Using the Partitioned attribute as part of Cookies Having Independent Partitioned State (CHIPS) to allow cross-site access with a separate cookie used per site.Defaults to false. ##### store A session store. Needs the following methods: diff --git a/lib/cookie.js b/lib/cookie.js index d157bd6..0c4fa01 100644 --- a/lib/cookie.js +++ b/lib/cookie.js @@ -10,6 +10,7 @@ module.exports = class Cookie { this.sameSite = cookie.sameSite || null this.domain = cookie.domain || null this.httpOnly = cookie.httpOnly !== undefined ? cookie.httpOnly : true + this.partitioned = cookie.partitioned ?? null this._expires = null if (originalMaxAge) { @@ -61,7 +62,8 @@ module.exports = class Cookie { secure: this.secure, path: this.path, httpOnly: this.httpOnly, - domain: this.domain + domain: this.domain, + partitioned: this.partitioned } } } diff --git a/package.json b/package.json index 67374a3..abf97a5 100644 --- a/package.json +++ b/package.json 
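Review bot: In the lib/cookie.js constructor hunk, `partitioned` is stored with no relation to `secure`, yet browsers only accept a `Partitioned` cookie that also carries `Secure`, so a plugin configured with `cookie: { secure: false, partitioned: true }` is accepted here and produces a session cookie the browser drops. If `this.secure` holds the configured boolean (its assignment sits above this hunk and is not visible), a guard such as `if (this.partitioned && this.secure === false) throw new Error('partitioned cookies require the Secure attribute')` would surface the misconfiguration at startup rather than as a silently missing session; `secure: 'auto'` over plain http cannot be checked at construction and needs the same caveat in the README entry added in this patch. Patches 2 and 3 of this series change only the default on this line. The Cookie constructor starts before the hunk.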
@@ -1,6 +1,6 @@ { "name": "@fastify/session", - "version": "10.6.1", + "version": "10.6.2", "description": "a session plugin for fastify", "main": "lib/fastifySession.js", "type": "commonjs", From db9984ab564072c0543b7e1df3ee584947c25d95 Mon Sep 17 00:00:00 2001 From: nicob-29 <56296287+nicob-29@users.noreply.github.com> Date: Mon, 4 Dec 2023 18:31:02 +0100 Subject: [PATCH 2/7] Update lib/cookie.js Co-authored-by: Manuel Spigolon --- lib/cookie.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cookie.js b/lib/cookie.js index 0c4fa01..25e6a0c 100644 --- a/lib/cookie.js +++ b/lib/cookie.js @@ -10,7 +10,7 @@ module.exports = class Cookie { this.sameSite = cookie.sameSite || null this.domain = cookie.domain || null this.httpOnly = cookie.httpOnly !== undefined ? cookie.httpOnly : true - this.partitioned = cookie.partitioned ?? null + this.partitioned = cookie.partitioned ?? undefined this._expires = null if (originalMaxAge) { From 9d9b8090d521f8d7d0df1482e8404b6d9fcb3cea Mon Sep 17 00:00:00 2001 From: nicob-29 <56296287+nicob-29@users.noreply.github.com> Date: Mon, 4 Dec 2023 20:11:43 +0100 Subject: [PATCH 3/7] Update lib/cookie.js MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Gürgün Dayıoğlu --- lib/cookie.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cookie.js b/lib/cookie.js index 25e6a0c..af1b240 100644 --- a/lib/cookie.js +++ b/lib/cookie.js @@ -10,7 +10,7 @@ module.exports = class Cookie { this.sameSite = cookie.sameSite || null this.domain = cookie.domain || null this.httpOnly = cookie.httpOnly !== undefined ? cookie.httpOnly : true - this.partitioned = cookie.partitioned ?? undefined + this.partitioned = cookie.partitioned this._expires = null if (originalMaxAge) { From 50a1aafb093491591daf360fcfb959fe38fb3d7b Mon Sep 17 00:00:00 2001 
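Review bot: After the PATCH 3 hunk, `partitioned` is the only constructor field left `undefined` when unset, while `sameSite` and `domain` two lines above normalise to `null`, and the README entry from PATCH 1 says it "Defaults to false". `JSON.stringify` drops `undefined` properties, so a cookie that passes through `toJSON()` and a store round-trip comes back without the key, unlike `domain: null`; whether a store depends on that is not visible here. If leaving it `undefined` is deliberate (so the serializer sees no `partitioned` option at all), say so on the line: `this.partitioned = cookie.partitioned // deliberately undefined, not null: absent from serialize options and from toJSON() output`; otherwise `cookie.partitioned ?? false` would match the documented default, assuming the serializer omits the attribute for `false`. The enclosing constructor starts before the hunk.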
From: nicob-29 <56296287+nicob-29@users.noreply.github.com>
Date: Mon, 4 Dec 2023 20:16:11 +0100
Subject: [PATCH 4/7] Update package.json

Co-authored-by: Aras Abbasi
---
package.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index abf97a5..67374a3 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@fastify/session",
- "version": "10.6.2",
+ "version": "10.6.1",
 "description": "a session plugin for fastify",
 "main": "lib/fastifySession.js",
 "type": "commonjs",

From 4419d40c9ab16ede053bde483d22644536bb61cd Mon Sep 17 00:00:00 2001
From: Nicolas Bertrand
Date: Tue, 5 Dec 2023 10:28:46 +0100
Subject: [PATCH 5/7] Add tests

---
test/cookie.test.js | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/test/cookie.test.js b/test/cookie.test.js
index a24c0bc..804d253 100644
--- a/test/cookie.test.js
+++ b/test/cookie.test.js
@@ -415,6 +415,32 @@ test('should set session secure cookie secureAuto x-forwarded-proto header', asy t.match(response.headers['set-cookie'], /sessionId=[\w-]{32}.[\w-%]{43,57}; Path=\/; HttpOnly; Secure/) }) +test('should set session partitioned cookie secure http encrypted', async (t) => { + t.plan(2) + const fastify = Fastify() + fastify.addHook('onRequest', async (request, reply) => { + request.raw.socket.encrypted = true + }) + fastify.register(fastifyCookie) + fastify.register(fastifySession, { + secret: DEFAULT_SECRET, + cookie: { secure: 'true', partitioned: true } + }) + fastify.get('/', (request, reply) => { + request.session.test = {} + reply.send(200) + }) + await fastify.listen({ port: 0 }) + t.teardown(() => { fastify.close() }) + + const response = await fastify.inject({ + url: '/' + }) + + t.equal(response.statusCode, 200) + t.match(response.headers['set-cookie'], /sessionId=[\w-]{32}.[\w-%]{43,57}; Path=\/; HttpOnly; Secure; Partitioned/) +}) + test('should use maxAge instead of expires in session if both are set in options.cookie', async (t) => { t.plan(3) const expires = new Date(34214461000) // 1971-02-01T00:01:01.000Z @@ -510,7 +536,7 @@ test('Cookie', t => { const cookie = new Cookie({}) t.test('properties', t => { - t.plan(9) + t.plan(10) t.equal('expires' in cookie, true) t.equal('originalMaxAge' in cookie, true) @@ -521,10 +547,11 @@ test('Cookie', t => { t.equal('domain' in cookie, true) t.equal('_expires' in cookie, true) t.equal('maxAge' in cookie, true) + t.equal('partitioned' in cookie, true) }) t.test('toJSON', t => { - t.plan(9) + t.plan(10) const json = cookie.toJSON() @@ -535,6 +562,7 @@ test('Cookie', t => { t.equal('path' in json, true) t.equal('httpOnly' in json, true) t.equal('domain' in json, true) + t.equal('partitioned' in cookie, true) t.equal('_expires' in json, false) t.equal('maxAge' in json, false) From ce670c49efb3ae8eb5d213555af83724817a78e7 Mon Sep 17 00:00:00 2001 
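Review bot: The new integration test in the first hunk covers only the enabled case, and because the `t.match` regexes (the new one included) carry no `$` anchor, no existing test would fail if `Partitioned` were ever emitted by default; a companion test with `partitioned` omitted asserting `t.notMatch(response.headers['set-cookie'], /Partitioned/)` would pin the default. The option object also passes `secure: 'true'` as a string, presumably copied from the neighbouring test; if the plugin expects a boolean here, `secure: true` reads as what is intended. The new regex also hard-codes attribute order (`Secure; Partitioned`), so a serializer that reorders attributes would break the test without any behaviour change.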
From: nicob-29 <56296287+nicob-29@users.noreply.github.com> Date: Tue, 5 Dec 2023 11:32:26 +0100 Subject: [PATCH 6/7] Update test/cookie.test.js Co-authored-by: Aras Abbasi --- test/cookie.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cookie.test.js b/test/cookie.test.js index 804d253..eb7b565 100644 --- a/test/cookie.test.js +++ b/test/cookie.test.js @@ -562,7 +562,7 @@ test('Cookie', t => { t.equal('path' in json, true) t.equal('httpOnly' in json, true) t.equal('domain' in json, true) - t.equal('partitioned' in cookie, true) + t.equal('partitioned' in json, true) t.equal('_expires' in json, false) t.equal('maxAge' in json, false) From a75e6d2e6b90fd90b614a61d868f59d53f2851a9 Mon Sep 17 00:00:00 2001 From: nicob-29 <56296287+nicob-29@users.noreply.github.com> Date: Wed, 6 Dec 2023 18:02:01 +0100 Subject: [PATCH 7/7] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Gürgün Dayıoğlu --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3a189bd..11a45ce 100644 --- a/README.md +++ b/README.md 
@@ -74,7 +74,7 @@ The options object is used to generate the `Set-Cookie` header of the session co * `expires` - The expiration `date` used for the `Expires` attribute. If both `expires` and `maxAge` are set, then `maxAge` is used. * `sameSite`- The `boolean` or `string` of the `SameSite` attribute. Using `Secure` mode with `auto` attribute will change the behavior of the `SameSite` attribute in `http` mode. The `SameSite` attribute will automatically be set to `Lax` with an `http` request. See this [link](https://www.chromium.org/updates/same-site). * `domain` - The `Domain` attribute. -* `partitioned`- The `boolean` value of the `Partitioned` attribute. Using the Partitioned attribute as part of Cookies Having Independent Partitioned State (CHIPS) to allow cross-site access with a separate cookie used per site.Defaults to false. +* `partitioned` (**experimental**) - The `boolean` value of the `Partitioned` attribute. Using the Partitioned attribute as part of Cookies Having Independent Partitioned State (CHIPS) to allow cross-site access with a separate cookie used per site. Defaults to false. ##### store A session store. Needs the following methods: